Static Analysis


Top Stories

The common approach to securing applications is to try to identify and remove all of the application's security vulnerabilities at the end of the development process. However, this bug-finding approach is not only resource-intensive, it's largely ineffective. To have any chance of exposing all of the security vulnerabilities that may be nested throughout the application, the team would have to identify every single path through the application then rigorously test each and every one. And any error found would be difficult to fix, considering that the effort, cost, and time required to fix each one increases exponentially as the development process progresses. Most importantly, the bug-finding approach to security fails to address the root cause of the problem - the fact that security, like quality, must be built into the application. Building security into an appli...

What’s new in the Summer ‘14 release for the Ops Team

AppDynamics recently announced our summer release, which builds upon our history of delivering game-changing functionality and innovations in application performance management. In our latest version, we've added many features that cater to operations-focused professionals; let's take a closer look at some of those features. Percentile metrics: AppDynamics has always had robust behavior-learning capabilities that automatically baseline the metrics that we collect. Instead of having to tell our platform what normal behavior is, AppDynamics continually collects data and adjusts the dynamic baselines in real time. Percentile metrics give customers the added ability to analyze metrics based on percentiles like 90%, 95%, or 99% to get a better understanding of the distribution of metrics. Basically, it allows operations teams to exclude outlier data to get a better und...

Automated Error Prevention for Linux

Most organizations that use Linux as a business operating system are developing their own applications for Linux - perhaps in response to the current scarcity of packaged applications available on Linux. With so much internal development for Linux, it is critical that the IT groups building your Linux-based applications have a means to efficiently produce reliable code. If they don't, you will jeopardize the very reliability and cost-effectiveness that most organizations are trying to achieve by turning to Linux. However, most development teams follow a development process that is far from efficient, and the applications they provide typically experience functionality problems and security weaknesses that require patches, updates, and redeployments. In fact, most IT organizations waste a great deal of their time, effort, and resources fixing what is essentially the...

Code Quality as a Service

As the product manager for CAST Highlight, it's refreshing to see a shift in discussions about the "quality of cloud solutions" to "cloud quality solutions." Recently, there have been an increasing number of cloud-based static code quality analysis tools, or should I say services. A few that I've been watching include: Code Climate, which consolidates the results from a suite of Ruby static analysis tools into a real-time report, giving teams the information they need to identify hotspots, evaluate new approaches, and improve code quality; and Codeq, which imports your Git repositories into a Datomic database, and then performs language-aware code quality analysis. By doing so, Codeq allows you to: track changes at the program unit level (e.g. function and method definitions); query your programs and libraries declaratively, with the same cognitive units and names you use while prog...

Software Engineering and Code Quality Goals You Should Nail Before 2018

When applications crash due to code quality issues, the common question is, "How could those experts have missed that?" The problem is, most people imagine software development as a room full of developers, keyboards clacking away with green, Matrix-esque code filling up the screen as they try to perfect the newest ground-breaking feature. However, in reality most of the work developers actually do is maintenance work: fixing the bugs found in production code to ensure a higher level of code quality. Not only does this severely reduce the amount of business value IT can bring to the table, it also exponentially increases the cost of developing and maintaining quality applications. And even though the IT industry has seen this rise in cost happening for years, it has done little to stem the rising tide. The time has come to draw a line in the sand. Capers Jone...

Parasoft Receives “Testing Trend Setter” Award, Recognized as Market Innovator

Parasoft announced today that Info-Tech Research Group selected Parasoft as the winner of its Software Testing Trend Setter award and identified Parasoft as a Software Testing Market Innovator. Parasoft was recognized for the breadth and depth of its comprehensive software testing offerings, ranging from Service Virtualization, to API Testing, to Development Testing. Competing vendors evaluated in the report include HP, IBM, Microsoft, and Microfocus. The Trend Setter award honors the fact that “Parasoft has remained loyal to its testing roots and pushes to the cutting edge of the landscape by embracing business process testing.” The Market Innovator recognition lauds Parasoft’s “strong service virtualization capabilities that help reduce costs associated with configuring and managing testing environments” and notes how Parasoft’s wide array of patents give it “a c...

Waratek Protects Enterprise Java Apps from the Inside Out

Waratek, the Java application protection and management company, today announced Waratek Java Application Security (JAS), the first security product that monitors, detects and blocks threats from within the Java Virtual Machine (JVM). Waratek JAS enables organizations to gain visibility into malicious activity, enforce security policies and virtually patch vulnerabilities at run-time without installing any agents or modifying applications. It prevents attacks from reaching Java applications regardless of whether they target business logic or legacy Java vulnerabilities. According to Gartner, Inc.: “Applications can be better protected when they possess self-protection capabilities built into their runtime environments, which have full insight into applicat...

SOA World - Exclusive Q&A with Dr Adam Kolawa, Co-founder & CEO of Parasoft

“Developers need to realize that Automated Defect Prevention benefits them," says Parasoft co-founder & CEO Dr Adam Kolawa in this Exclusive Q&A with SYS-CON Media's Java Developer's Journal. "But they won’t start recognizing this until they see that they have less work," Kolawa continues. The key to success, he adds, is to have an infrastructure handle as much work as possible. "This way, developers have time to focus on the creative tasks they enjoy most...the ones that truly require human intelligence." Dr Adam Kolawa is the coauthor of the recently published Automated Defect Prevention: Best Practices in Software Management (Wiley...

Java Application Security in the Corporate World

The vast majority of corporate developers truly believe that application security is not their concern, assuming that network and engineering groups will build their environment in a secure way. But what about application security? Are you ready for the code audit? Application Security Isn't Getting the Attention It Deserves: When most people in the corporate world talk about "security," they mean the security of the network, operating system, and servers. Organizations that want to protect their systems against hacker attacks invest a lot of time, effort, and money ensuring that these three components are secure. Without this secure foundation, systems cannot operate securely. However, even if the network, server, and operating system are 100% secure, vulnerabilities in the application itself make a system just as prone to dangerous attacks as unprotected networks, op...

JDJ Product Review — Parasoft Jtest 8.0

In terms of unit testing and code compliance, Jtest is a real heavyweight in the arena. For those who haven't come across Jtest before, it's an application that will analyze your Java application code for you. At present Jtest has 700 built-in rules and 100 security rules, and it will autocorrect 250 of those rules for you. It provides Parasoft SOAtest hooks for testing of SOA/Web services and Web apps. The reporting engine is also built in, so once tests are run, you can view and print results via a Web browser. There are some new features such as improved J2EE testing and the Bug Detective, which I will cover later in this review. The front end is built on the Eclipse framework so it will be familiar to some of you. Test projects are created the same way you would create a project in Eclipse. The wizards are easy to use and I got up and running in a short time. You...

JavaOne 2008: Uncommon Java Bugs

Any large Java source base can have insidious and subtle bugs. Every experienced Java programmer knows that finding and fixing these bugs can be difficult and costly. Fortunately, there are a large number of free open source Java tools available that can be used to find and fix defects early in the development life cycle. In this article, we’ll look at a few examples of specific uncommon[1] or unusual defects that can happen in code and see how different Java static analysis tools detect them. Testing: As software gets more complex and ubiquitous, it becomes more difficult to ensure high-quality code. One common method of finding bugs is testing. But testing can’t cover all paths and possibilities or enforce good programming practices. Expert knowledge in the form of manual code review by peers is one of the best ways to ensure good code quality. Code revie...